ОГЛЯД ПРОГРАМНОГО ЗАБЕЗПЕЧЕННЯ БЕЗПЕКИ
Ключові слова:
методи захисту програмного забезпечення, тип атак, загрози програмному забезпеченню
Анотація
У статті проведено аналіз основних загроз і проблем захисту програмного забезпечення. Розглянуто методи захисту інформації, їх переваги і недоліки, а також проведені дослідження можливості використання існуючих засобів для захисту програмного забезпечення. Доведена можливість удосконалення і використання ряду методів захисту програмного забезпечення від активних атак та фальсифікації. Для кожного існуючого типу атаки вказані необхідні заходи захисту. Крім того, розглянуті кілька сучасних методів захисту, які можна використовувати в програмному забезпеченні для захисту від атак аналізу і злому програми. Проаналізовано такі методи: клієнт-серверні рішення, шифрування коду, рознесення коду, обфускація коду, криптографія White-Box, програмне забезпечення для захисту від несанкціонованого доступу, захист програмного забезпечення, залишкове хешування. Хоча всі ці методи розглянуті окремо, можна об'єднати їх для спільного використання для програмного забезпечення безпеки.Завантаження
Дані про завантаження поки що недоступні.
Посилання
1. Intro to spyware. http://www.spywareguide.com/txt_intro.php.
2. R. E. Mahan. Malicious Software, http: //www.tricity.wsu.edu/htmls/cs427/public_html/ Ch%2013%20Malicious% 20Software.pdf.
3. H. J. S. Chow, P. Eisen and P. van Oorschot. A White-Box DES Implementation for DRM Applications. In Proceedings of 2nd work ACM Workshop on Digital Rights Management (DRM 2002), November 18 2002.
4. H. J. S. Chow, P. Eisen and P. van Oorschot. White-Box Cryptography and an AES Implementation. In Proceedings of the Ninth Workshop on Selected Areas in Cryptography (SAC 2002), 2002.
5. A. Menez, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, Inc., 1997.
6. Microsoft Corporation. Digital signature benefits for windows users, 2002.
7. H. Chang and M. J. Atallah. Protecting software codes by guards. ACM Workshop on Digital Rights Managment (DRM 2001), LNCS 2320:160– 175, 2001.
8. Amin Salih M., Yuvaraj D., Sivaram M., Porkodi V. Detection And Removal Of Black Hole Attack In Mobile Ad Hoc Networks Using Grp Protocol. International Journal of Advanced Research in Computer Science. Vol. 9, No 6. P. 1–6, DOI: http://dx.doi.org/10.26483/ijarcs.v9i6.6335
9. Saravanan S., Hailu M., Gouse G.M., Lavanya M., Vijaysai R. Optimized Secure Scan Flip Flop to Thwart Side Channel Attack in Crypto-Chip. International Conference on Advances of Science and Technology, ICAST 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Vol 274. Springer, Cham. DOI: https://doi.org/10.1007/978-3-030-15357-1_34
10. Porkodi V., Sivaram M., Mohammed A.S., Manikandan V. Survey on White-Box Attacks and Solutions. Asian Journal of Computer Science and Technology. Vol. 7, Is. 3. pp. 28–32.
11. Manikandan V, Porkodi V, Mohammed AS, Sivaram M, “Privacy Preserving Data Mining Using Threshold Based Fuzzy cmeans Clustering”, ICTACT Journal on Soft Computing, Volume 9, Issue 1, 2018, pp.1813-1816. DOI: 10.21917/ijsc.2018.0252
12. T. Sander and C. F. Tschudin. On Software Protection via Function Hiding. In Proceedings of the Second Workshop on Information Hiding, LNCS 1525:111–123, 1998.
13. E. Biham and A. Shamir. Differential Fault Analysis of Secret Key Cryptosystems. Advances in Cryptology: Crypto ’97, LNCS 1294:513– 525, 1997.
14. Symantic. Understanding and Managing Polymorphic Viruses. http://www.symantec.com/avcenter/reference/striker.pdf.
15. P. Szor and P. Ferrie. Hunting for Metamorphic, September 2001. http://www.peterszor.com/metamorp.pdf.
16. T. Yetiser. Polymorphic Viruses. http://vx.netlux.org/texts/html/polymorf.html.
17. S. Forrest, A. Somayaji, and D. H. Ackley. Building Diverse Computer Systems. In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, pages 67–72, 1997.
18. D. C. D. Sandeep Bhatkar and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105–120, August 2003.
19. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. http://www.immunix.org/StackGuard/discex00.pdf.
20. I. Simon. A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks, January 2000. http://www.mcs.csuhayward.edu/~simon/security/boflo.html
21. C. Cifuentes and K. Gough. Decompiling of binary programs. Software – Practice & Experience, 25(7):811–829, 1995.
22. Z. KlassMaster. The second generation java obfuscator. http://www.zelix.com/.
23. P. Solutions. Dasho - the premier java obfuscator and efficiency enhancing tool. http://www.preemptive.com/products/dasho/.
24. P. Solutions. Dotfuscator - the premier .NET obfuscator and efficiency enhancing tool. http://www.preemptive.com/products/dotfuscator/.
25. G. Wroblewski. General Method of Program Code Obfuscation. PhD thesis, Wroclaw University of Technology, Institute of Engineering Cybernetics, 2002.
26. M. Mambo, T. Murayama, and E. Okamoto. A tentative approach to constructing tamper-resistant software. In Proceedings of New Security Paradigms Workshop, pages 23–33, 1997.
27. B. Horne, L. R. Matheson, C. Sheehan, and R. E. Tarjan. Dynamic SelfChecking Techniques for Improved Tamper Resistance. In Proceedings of Workshop on Security and Privacy in Digital Rights Management 2001, pages 141–159, 2001.
28. J. P. Stern, G. Hachez, F. Koeune, and J.-J. Quisquater. Robust object watermarking: Application to code. In Information Hiding, pages 368– 378, 1999.
29. D. Boneh, R. A. DeMillo, and R. J. Lipton. On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology: the journal of the International Association for Cryptologic Research, 14(2):101–119, 2001.
30. D. Aucsmith. Tamper resistant software: an implementation. Information Hiding, 1174:317–333, 1996.
31. R. N. Williams. Welcome to the Sci.Electronics. A painless guide to CRC error detection algorithms, 1993. http://www.repairfaq.org/filipg/LINK/F_crc_v3.html
32. Yogesh Awasthi, R P Agarwal, B K Sharma, "Intellectual property right protection of browser based software through watermarking technique", International Journal of Computer Applications, vol. 97, no. 12, 2014, pp. 32-36.
33. Yogesh Awasthi, R P Agarwal, B K Sharma, "Two Phase Watermarking for Security in Database", International Journal of Computing, vol. 4, no. 4, 2014, pp. 821-824.
34. Kuchuk G.A. An Approach To Development Of Complex Metric For Multiservice Network Security Assessment / G.A. Kuchuk, A.A. Kovalenko, A.A. Mozhaev // Statistical Methods Of Signal and Data Processing (SMSDP – 2010): Proc. Int. Conf., October 13-14, 2010.– Kiev: NAU, RED, IEEE Ukraine section joint SP, 2010. – P. 158 – 160.
35. Y. Chen, R. Venkatesan, M. Cary, R. Pang, and S. S. an Mariusz Jakubowski. Oblivious hashing: a stealthy software integrity verification primitive. In Information Hiding, 2002.
2. R. E. Mahan. Malicious Software, http: //www.tricity.wsu.edu/htmls/cs427/public_html/ Ch%2013%20Malicious% 20Software.pdf.
3. H. J. S. Chow, P. Eisen and P. van Oorschot. A White-Box DES Implementation for DRM Applications. In Proceedings of 2nd work ACM Workshop on Digital Rights Management (DRM 2002), November 18 2002.
4. H. J. S. Chow, P. Eisen and P. van Oorschot. White-Box Cryptography and an AES Implementation. In Proceedings of the Ninth Workshop on Selected Areas in Cryptography (SAC 2002), 2002.
5. A. Menez, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, Inc., 1997.
6. Microsoft Corporation. Digital signature benefits for windows users, 2002.
7. H. Chang and M. J. Atallah. Protecting software codes by guards. ACM Workshop on Digital Rights Managment (DRM 2001), LNCS 2320:160– 175, 2001.
8. Amin Salih M., Yuvaraj D., Sivaram M., Porkodi V. Detection And Removal Of Black Hole Attack In Mobile Ad Hoc Networks Using Grp Protocol. International Journal of Advanced Research in Computer Science. Vol. 9, No 6. P. 1–6, DOI: http://dx.doi.org/10.26483/ijarcs.v9i6.6335
9. Saravanan S., Hailu M., Gouse G.M., Lavanya M., Vijaysai R. Optimized Secure Scan Flip Flop to Thwart Side Channel Attack in Crypto-Chip. International Conference on Advances of Science and Technology, ICAST 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Vol 274. Springer, Cham. DOI: https://doi.org/10.1007/978-3-030-15357-1_34
10. Porkodi V., Sivaram M., Mohammed A.S., Manikandan V. Survey on White-Box Attacks and Solutions. Asian Journal of Computer Science and Technology. Vol. 7, Is. 3. pp. 28–32.
11. Manikandan V, Porkodi V, Mohammed AS, Sivaram M, “Privacy Preserving Data Mining Using Threshold Based Fuzzy cmeans Clustering”, ICTACT Journal on Soft Computing, Volume 9, Issue 1, 2018, pp.1813-1816. DOI: 10.21917/ijsc.2018.0252
12. T. Sander and C. F. Tschudin. On Software Protection via Function Hiding. In Proceedings of the Second Workshop on Information Hiding, LNCS 1525:111–123, 1998.
13. E. Biham and A. Shamir. Differential Fault Analysis of Secret Key Cryptosystems. Advances in Cryptology: Crypto ’97, LNCS 1294:513– 525, 1997.
14. Symantic. Understanding and Managing Polymorphic Viruses. http://www.symantec.com/avcenter/reference/striker.pdf.
15. P. Szor and P. Ferrie. Hunting for Metamorphic, September 2001. http://www.peterszor.com/metamorp.pdf.
16. T. Yetiser. Polymorphic Viruses. http://vx.netlux.org/texts/html/polymorf.html.
17. S. Forrest, A. Somayaji, and D. H. Ackley. Building Diverse Computer Systems. In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, pages 67–72, 1997.
18. D. C. D. Sandeep Bhatkar and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105–120, August 2003.
19. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. http://www.immunix.org/StackGuard/discex00.pdf.
20. I. Simon. A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks, January 2000. http://www.mcs.csuhayward.edu/~simon/security/boflo.html
21. C. Cifuentes and K. Gough. Decompiling of binary programs. Software – Practice & Experience, 25(7):811–829, 1995.
22. Z. KlassMaster. The second generation java obfuscator. http://www.zelix.com/.
23. P. Solutions. Dasho - the premier java obfuscator and efficiency enhancing tool. http://www.preemptive.com/products/dasho/.
24. P. Solutions. Dotfuscator - the premier .NET obfuscator and efficiency enhancing tool. http://www.preemptive.com/products/dotfuscator/.
25. G. Wroblewski. General Method of Program Code Obfuscation. PhD thesis, Wroclaw University of Technology, Institute of Engineering Cybernetics, 2002.
26. M. Mambo, T. Murayama, and E. Okamoto. A tentative approach to constructing tamper-resistant software. In Proceedings of New Security Paradigms Workshop, pages 23–33, 1997.
27. B. Horne, L. R. Matheson, C. Sheehan, and R. E. Tarjan. Dynamic SelfChecking Techniques for Improved Tamper Resistance. In Proceedings of Workshop on Security and Privacy in Digital Rights Management 2001, pages 141–159, 2001.
28. J. P. Stern, G. Hachez, F. Koeune, and J.-J. Quisquater. Robust object watermarking: Application to code. In Information Hiding, pages 368– 378, 1999.
29. D. Boneh, R. A. DeMillo, and R. J. Lipton. On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology: the journal of the International Association for Cryptologic Research, 14(2):101–119, 2001.
30. D. Aucsmith. Tamper resistant software: an implementation. Information Hiding, 1174:317–333, 1996.
31. R. N. Williams. Welcome to the Sci.Electronics. A painless guide to CRC error detection algorithms, 1993. http://www.repairfaq.org/filipg/LINK/F_crc_v3.html
32. Yogesh Awasthi, R P Agarwal, B K Sharma, "Intellectual property right protection of browser based software through watermarking technique", International Journal of Computer Applications, vol. 97, no. 12, 2014, pp. 32-36.
33. Yogesh Awasthi, R P Agarwal, B K Sharma, "Two Phase Watermarking for Security in Database", International Journal of Computing, vol. 4, no. 4, 2014, pp. 821-824.
34. Kuchuk G.A. An Approach To Development Of Complex Metric For Multiservice Network Security Assessment / G.A. Kuchuk, A.A. Kovalenko, A.A. Mozhaev // Statistical Methods Of Signal and Data Processing (SMSDP – 2010): Proc. Int. Conf., October 13-14, 2010.– Kiev: NAU, RED, IEEE Ukraine section joint SP, 2010. – P. 158 – 160.
35. Y. Chen, R. Venkatesan, M. Cary, R. Pang, and S. S. an Mariusz Jakubowski. Oblivious hashing: a stealthy software integrity verification primitive. In Information Hiding, 2002.
Опубліковано
2019-04-11
Як цитувати
Rashidinia Anoushirvan Огляд програмного забезпечення безпеки / Anoushirvan Rashidinia, S. Gavrilenko, M. Pochebut, O. Sytnikova // Системи управління, навігації та зв’язку. Збірник наукових праць. – Полтава: ПНТУ, 2019. – Т. 2 (54). – С. 55-59. – doi:https://doi.org/10.26906/SUNZ.2019.2.055.
Розділ
Інформаційні технології
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.