中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/12920
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 41668806      線上人數 : 1280
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/12920


    題名: 行動執行碼保護之研究;A Study of Protecting Mobile Code
    作者: 陳志緯;Zhi-Wei Chen
    貢獻者: 資訊管理研究所
    關鍵詞: aglet;CEF;Computing with Encrypted Function;EEF;Evaluation of Encrypted Function;惡意主機;行動代理人;行動執行碼;混淆;混淆器;aglet;CEF;Computing with Encrypted Function;EEF;Evaluation of Encrypted Function;malicious host;mobile agent;mobile code;obfuscate;obfuscator
    日期: 2002-06-21
    上傳時間: 2009-09-22 15:18:42 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 一般來說,若我們以信任及安全溝通機制、加密傳輸及數位簽章、警察局模式等方式來保護行動執行碼,我們並無法解決行動執行碼私密性的問題,這是因為這些傳統的方式並未考慮保護行動執行碼之私密性。雖然說應用智慧卡來保護行動執行碼,是對其行動執行碼之私密性保護的一種較佳的方式,但其高硬體成本及受限的運算資源,卻可令我們望之怯步。另一方面,我們也發現或許可以利用執行碼混淆器來保護行動執行碼,它本身是比使用智慧卡更為合適及普遍的方式。然而已有證明敘述,執行碼混淆器演算法上不可能存在有完全的單向函數,意指任何經過混淆器修改過的執行碼,一定可以找到支援某種形式的反編譯器將之還原。此外,目前並未有混淆器能夠支援在行動代理人系統上,對其行動代理人,動態地執行修改及還原其流程之工作。 為了突破這些限制,我們已發展JOBS (Java OBfuscation System)這項Java套件。JOBS內含從JODE編修而來的混淆器引擎、衍生自Sander之EEF理論的混淆器模組、及物件資料流編輯器(objsed)等部分。我們規劃JOBS的設計,使之包含易與一般的Java行動代理人系統整合的介面。因此,我們展示Aglets與JOBS的整合,並在此平台執行以投票為例的aglet,則JOBS會自動利用EEF的機制,將存在於我們所指定函式中的多項式加以混淆,其中的過程EEF則會產生與此多項式在配置上極少關聯的矩陣,來取代此多項式,並混淆我們對此多項式的認知。 對於系統限制,我們目前只專注在函式中多項式的保護,而暫時忽略分支指令的支援。而且為了避免因矩陣運算上所產生的失準,我們目前建議只使用整數的運算元來做計算。 目前可能存在的潛在問題有:矩陣運算的效率、還原矩陣之暫存的更新頻率、矩陣運算之安全強度的證明、運算完整性的認證機制。這些問題都有待未來解決。 We encounter the difficulties in protecting the privacy of mobile code by the traditional means, including the mechanisms of trust and security protocols, encryption of transmission and digital signatures, and the police-office model, because these means do not consider protecting the privacy of mobile code. Although leveraging the smartcard is a better protection approach targeting on the privacy of mobile code, the hardware costs and the limited computing resources prevent us from taking this approach. We also recognize that using the obfuscator is a feasible and prevailing means to protect mobile code. However, it is proven that there are no perfect one-way obfuscators such that we can possibly find a way to decompile the obfuscated mobile code. In addition, few obfuscators can enable mobile agent systems to scramble and unscramble the mobile agents in the run time. To overcome the limitations, we have developed a Java package, JOBS (Java OBfuscation System), which aggregates an obfuscation engine, an EEF obfuscating module derived from Sander, and the Java object stream editor (objsed). To integrate JOBS into the common Java mobile agent systems is designed to be simple. We then present the JOBS-enabled Aglets where we demonstrate an example of voting aglet such that JOBS functions to obfuscate the specific methods of the voting aglet by using the EEF mechanism which obfuscates the polynomials into the lesser-associated matrices that confuse us. As to our current system limitations, we focus only on the protection of polynomials in a method instead of branch instructions, and we recommend the associated operands to be integers for fear of loss of precision in matrix operations. There are exiting potential flaws including the inefficiency of calculations due to the heavy use of matrix operations, the undetermined frequency of validating the resolving matrix cache, the loosely-proven strength of security by the matrix operations, and the insufficiency of the validation mechanisms for integrity of the operations on the guest hosts.
    顯示於類別:[資訊管理研究所] 博碩士論文

    文件中的檔案:

    檔案 大小格式瀏覽次數


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明