CN113591041B - Distributed coding system for preventing code injection or source code decompilation - Google Patents

Distributed coding system for preventing code injection or source code decompilation Download PDF

Info

Publication number
CN113591041B
CN113591041B CN202111141640.0A CN202111141640A CN113591041B CN 113591041 B CN113591041 B CN 113591041B CN 202111141640 A CN202111141640 A CN 202111141640A CN 113591041 B CN113591041 B CN 113591041B
Authority
CN
China
Prior art keywords
node
code
coding
nodes
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111141640.0A
Other languages
Chinese (zh)
Other versions
CN113591041A (en
Inventor
张卫平
丁烨
张浩宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Digital Group Co Ltd
Original Assignee
Global Digital Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Global Digital Group Co Ltd filed Critical Global Digital Group Co Ltd
Priority to CN202111141640.0A priority Critical patent/CN113591041B/en
Publication of CN113591041A publication Critical patent/CN113591041A/en
Application granted granted Critical
Publication of CN113591041B publication Critical patent/CN113591041B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed coding system for preventing code injection or source code decompilation; the encoding system is formulated based on a distributed encoding system; the coding system comprises a coding stage and a sub-task item splitting stage which are used for carrying out coding on a total task needing to complete a coding task, and distributed coding is carried out after the sub-task item is assigned according to the operational node operational capacity in the distributed coding system; then, carrying out a plurality of code injection tests on the codes which are coded through a plurality of verification nodes in the distributed coding system, and searching and analyzing possible code injection vulnerabilities in the codes; furthermore, by writing ciphertext segment information into the code and adding pseudo entry information under the common recognition of a plurality of computing nodes, the difficulty of decompilation is greatly improved, and therefore outsiders are prevented from carrying out decompilation operation on the source code.

Description

Distributed coding system for preventing code injection or source code decompilation
Technical Field
The invention relates to the technical field of distributed coding. And more particularly, to a distributed coding system that prevents code injection or decompilation of source code.
Background
With the development of artificial intelligence, the computational power consumption of a computing system is continuously increased at a high speed aiming at increasingly huge application scenes and the requirement of the interconnection of everything which is increased at a high speed, and the required computational power, algorithm and even network communication speed all put forward unprecedented requirements for the current corresponding technical field. Particularly for full-automatic artificial intelligence application scenes, such as fields of intelligent scenic spots, intelligent hospitals and the like, related nodes and information have huge data amount needing to be processed and coded, static and dynamic data change is fast, and meanwhile, a highly flexible algorithm needs to be adopted to make optimal response aiming at different events. Massive coding requirements urge a distributed coding technology to be generated; the distributed coding technology is utilized to perform task segmentation on an original coding task, the original coding task is sent to each operation node through a distribution mechanism to be coded, and finally, the staged tasks are summarized and completed. The distributed coding is different from the traditional central coding system, and the system characteristics that the existing server nodes are distributed dispersedly, but the wireless network speed and the bandwidth increase speed are high are greatly utilized, so that the coding efficiency is effectively improved.
Further, under the current complex network space environment, for various programs whose user input data lacks validity verification and filtering, hackers can make software or program entities defeat the original purpose of designers in the specific execution process by constructing various malformed data, so as to change the program control flow and then steal the program control right or steal confidential data such as databases behind the programs, which is the most serious security threat currently faced by networks and systems. Aiming at the characteristic that the injection vulnerability is closely related to the behavior of receiving external input.
Further, in the execution process of the code, for various reasons of the client, the source code may be intercepted and decompiled, so as to obtain the source code or a knowledge part, such as logic, an algorithm, an execution flow and the like, included in the source code, which should not be known by the outside, and further bring loss to the rights and interests of a source code developer.
Looking up relevant published technical solutions, publication number US2021089645a1 proposes a method of generating a random security tag and writing the random security tag into an instruction block, and preventing the instruction block from being sent to a processor for execution when an exception occurs according to a random mutual authentication mode of the tag pointing to two exclusive-or domains when the instruction block is executed; CN112231651(a) proposes a way of asymmetrically encrypting MD5 value to the source code core, so as to enhance the decryption difficulty of the source code core, thereby increasing the time and labor cost of decryption and decompilation. However, the above technical solutions are all directed to the past centralized coding operation method, and are not suitable for the currently discussed distributed coding method.
Disclosure of Invention
The invention aims to provide a distributed coding system for preventing code injection or source code decompilation; the coding system fully utilizes the characteristics of multiple nodes and multiple concurrencies of a distributed system, processes of coding, executing and legality verifying of a program are respectively subjected to coding and legality verifying by each node after being disassembled and assigned, and enough characteristic records are recorded in the process as the optimization basis of a coding algorithm, so that the coding and executing efficiency and safety are effectively improved; the coding system stores the encrypted verification information after encryption of the complete code by using the block chain, thereby effectively preventing the consistency of the code from being questioned after the encrypted information is leaked at a certain node.
The invention adopts the following technical scheme:
a distributed coding system that prevents code injection or source code decompilation, the coding system comprising a scheduling module, an inspection module, and a processing module; the scheduling module runs on at least one node on the distributed system; the scheduling module generates a task number for a coding task to be performed and reserves a corresponding distributed cloud storage space, and splits the coding task into k coding stages according to a splitting rule, and further splits each coding stage into j subtask items; according to the distributed current deployment condition, the scheduling module allocates the subtask item to a designated node in the distributed system for encoding; the inspection module monitors and verifies the encoded subtask items and feeds back verification results; the processing module is positioned on all distributed operation nodes and used for performing encoding operation on the subtask items, encrypting an encoding result, and performing operations of digital signature and packaging and uploading the operation result;
wherein, a alliance chain organization is built in the distributed system, and a code main chain is maintained on the alliance chain; when receiving the coding task, all n nodes on the distributed system select a first node through a consensus mechanism; the first node is used as a first response node for responding to the coding request and dispatching the coding task operation; the first node requires other nodes in the distributed system to play the roles of coding nodes or verification nodes by calling the scheduling module, and forms corresponding dispatching node records to provide verification possibility of legality and traceability; after the coding task is completed, the coding node requests at least one of the verification nodes to perform verification test on the code after the coding is completed so as to find out code bugs possibly existing in the code bugs;
each node in the alliance chain is provided with a pair of public key Pkey and private key Skey which belong to the node; the public key Pkey and the private key Skey are generated in an asymmetric encryption mode; broadcasting the public key Pkey of the node to the alliance chain, and recording the public key Pkey by all nodes on the chain; the private key Skey is stored and kept secret by the node and is used for encryption operation when the encoding operation of the subtask is carried out; the information encrypted by the public key Pkey can only be decrypted by the private key Skey; the information encrypted by the private key Skey can only be decrypted by the public key Pkey;
after the first node is elected, a alliance chain uses the first public key of the first node to encrypt the login permit of the scheduling module; the first node decrypts the login permit through a first private key, obtains the scheduling authority of the scheduling module and executes task scheduling operation;
the first node sends one of the subtask items to (n-1) nodes except the first node for precoding by calling the scheduling module, and calculates the capability value of each node by measuring and calculating the computing capability and the load ratio of the (n-1) nodes; the scheduling module counts the capability values of all nodes and selects j nodes in (n-1) nodes as computing nodes; j computing nodes form a computing node group; the first node assigns j subtask items in one encoding stage to the computing node group and writes a computing node assignment record in the form of < task number-encoding stage-subtask item-computing node number >; the first node executes dispatching operation according to the dispatching record of the computing nodes, and distributes j subtask items in an encoding stage to j computing nodes for encoding operation;
the compute node dispatch record is written by the first node into a block of the code backbone; the computing node group confirms the validity of all nodes through a consensus mechanism in a alliance chain; the alliance chain sends a pass certificate which is encrypted by a public key Pkey of each alliance chain and enables the authority of the processing module to j computing nodes in the computing node group; each computing node decrypts the certification of the authority of the processing module through the respective private key Skey, so as to obtain the authority for calling the processing module, and the processing module is used for encoding;
after the computing node group is designated, the scheduling module designates the rest (n-j-1) nodes as verification nodes, and the scheduling module generates a verification node assignment record < task number-coding stage-subtask item-verification node number >;
the verification node assignment record is written by the first node into a block of the code backbone; the verification node group confirms the validity of all nodes through a consensus mechanism in a alliance chain; the alliance chain sends the pass certificate which is encrypted by the respective public key Pkey and enables the authority of the check module to (n-j-1) verification nodes in the verification node group; each verification node decrypts the certification of the authority of the inspection module through the respective private key Skey, so as to obtain the authority for calling the inspection module, and the inspection module is used for coding supervision;
when one computing node finishes one subtask item and obtains a corresponding code segment, requesting at least one verification node to perform code injection test; at least one verification node performs at least p attempted injection operations on the code segment by utilizing known or possible code injection modes; the value of p is determined by the first node by evaluating the length of the code segment and the capability value of at least one of the verification nodes; at least one verification node calls a filter of the checking module and a judger simultaneously records whether the code segment has a bug after code injection operation is tried; after the verification node finishes p times of injection operations, obtaining a check record, feeding the check record back to the first node, calling the scheduling module by the first node, and determining whether the computing node needs to recode the subtask item so as to ensure enough defense capacity for code injection;
after the first node obtains all code segments of the coding stage, traversing the coding stage, adding a segment of hash value ciphertext segment encrypted by the first private key of the first node at a random position, and annotating the ciphertext segment with an annotation symbol; the first node performs byte number grouping on a complete code of the coding stage added with the ciphertext fragment and performs hash operation encryption on the grouped complete code through the first private key of the first node to obtain a hash value field with a fixed length representing the coding stage;
the first node encrypts the k encoding stages to obtain k hash value fields; after the first node integrates the codes of the k encoding stages, a forced verification program is added at the beginning of the codes, and the k hash value fields of the k encoding stages are required to be forcibly verified each time the code section is read; and the first node packages the forced verification program, the complete code and the k hash value fields and uploads the packaged fields to the code main chain.
The beneficial effects obtained by the invention are as follows:
1. the coding system is different from the running form of the traditional centralized coding and defense, fully calls the characteristic of multi-node concurrent operation in a distributed system, and performs illegal code injection test on complete codes in a controllable environment so as to ensure that the codes eliminate injection bugs as much as possible;
2. the coding system utilizes the characteristic that a machine can skip code annotation in the process of compiling codes, adds encrypted ciphertext into the codes and annotates the ciphertext, and finally encrypts the hash value of the code segment; when the decompiling is encountered, the decompiled code cannot pass the forced verification program necessarily because the comment part cannot be completely decompiled;
3. the coding system stores each segment of codes after coding by using a block chain technology, not only performs consensus endorsement of all nodes for code consistency, but also prevents algorithm operation of inverse coding by storing and encrypting each segment of codes in a segmented manner.
4. The coding system is suitable for various programming systems, languages or algorithms, and has a good universality effect.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. Like reference numerals designate corresponding parts throughout the different views.
FIG. 1 is a diagram illustrating the decomposition of an encoding task according to the present invention;
FIG. 2 is a schematic diagram of the components of the distributed encoding system of the present invention;
FIG. 3 is a schematic diagram of the checking module prompting finding a suspected illegal code injection operation;
FIG. 4 is a block diagram of the code backbone within the coding system.
The reference numbers illustrate: 100-a distributed coding system; 101-code backbone; 102-a first node; 103-a scheduling module; 104-a processing module; 105-a checking module; 106-a group of compute nodes; 107-verify the node group.
Detailed Description
In order to make the technical solution and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the embodiments thereof; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. Other systems, methods, and/or features of the present embodiments will become apparent to those skilled in the art upon review of the following detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Additional features of the disclosed embodiments are described in, and will be apparent from, the detailed description that follows.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it is to be understood that if there is an orientation or positional relationship indicated by the terms "upper", "lower", "left", "right", etc. based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not intended to indicate or imply that the device or assembly referred to must have a specific orientation.
The first embodiment is as follows:
referring to fig. 1 and 2, a distributed coding system for preventing code injection or source code decompilation, the coding system comprising a scheduling module, an inspection module, and a processing module; the scheduling module runs on at least one node on the distributed system; the scheduling module generates a task number for a coding task to be performed and reserves a corresponding distributed cloud storage space, and splits the coding task into k coding stages according to a splitting rule, and further splits each coding stage into j subtask items; according to the distributed current deployment condition, the scheduling module allocates the subtask item to a designated node in the distributed system for encoding; the inspection module monitors and verifies the encoded subtask items and feeds back verification results; the processing module is positioned on all distributed operation nodes and used for performing encoding operation on the subtask items, encrypting an encoding result, and performing operations of digital signature and packaging and uploading the operation result;
wherein, a alliance chain organization is built in the distributed system, and a code main chain is maintained on the alliance chain; when receiving the coding task, all n nodes on the distributed system select a first node through a consensus mechanism; the first node is used as a first response node for responding to the coding request and dispatching the coding task operation; the first node requires other nodes in the distributed system to play the roles of coding nodes or verification nodes by calling the scheduling module, and forms corresponding dispatching node records to provide verification possibility of legality and traceability; after the coding task is completed, the coding node requests at least one of the verification nodes to perform verification test on the code after the coding is completed so as to find out code bugs possibly existing in the code bugs;
each node in the alliance chain is provided with a pair of public key Pkey and private key Skey which belong to the node; the public key Pkey and the private key Skey are generated in an asymmetric encryption mode; broadcasting the public key Pkey of the node to the alliance chain, and recording the public key Pkey by all nodes on the chain; the private key Skey is stored and kept secret by the node and is used for encryption operation when the encoding operation of the subtask is carried out; the information encrypted by the public key Pkey can only be decrypted by the private key Skey; the information encrypted by the private key Skey can only be decrypted by the public key Pkey;
after the first node is elected, a alliance chain uses the first public key of the first node to encrypt the login permit of the scheduling module; the first node decrypts the login permit through a first private key, obtains the scheduling authority of the scheduling module and executes task scheduling operation;
the first node sends one of the subtask items to (n-1) nodes except the first node for precoding by calling the scheduling module, and calculates the capability value of each node by measuring and calculating the computing capability and the load ratio of the (n-1) nodes; the scheduling module counts the capability values of all nodes and selects j nodes in (n-1) nodes as computing nodes; j computing nodes form a computing node group; the first node assigns j subtask items in one encoding stage to the computing node group and writes a computing node assignment record in the form of < task number-encoding stage-subtask item-computing node number >; the first node executes dispatching operation according to the dispatching record of the computing nodes, and distributes j subtask items in an encoding stage to j computing nodes for encoding operation;
the compute node dispatch record is written by the first node into a block of the code backbone; the computing node group confirms the validity of all nodes through a consensus mechanism in a alliance chain; the alliance chain sends a pass certificate which is encrypted by a public key Pkey of each alliance chain and enables the authority of the processing module to j computing nodes in the computing node group; each computing node decrypts the pass-certificate of the authority of the processing module through the respective private key so as to obtain the authority of calling the processing module, and the processing module is used for coding;
after the computing node group is designated, the scheduling module designates the rest (n-j-1) nodes as verification nodes, and the scheduling module generates a verification node assignment record < task number-coding stage-subtask item-verification node number >;
the verification node assignment record is written by the first node into a block of the code backbone; the verification node group confirms the validity of all nodes through a consensus mechanism in a alliance chain; the alliance chain sends the pass certificate which is encrypted by the respective public key Pkey and enables the authority of the check module to (n-j-1) verification nodes in the verification node group; each verification node decrypts the pass certificate of the authority of the check module through the respective private key so as to obtain the authority for calling the check module, and the check module is utilized for coding supervision;
when one computing node finishes one subtask item and obtains a corresponding code segment, requesting at least one verification node to perform code injection test; at least one verification node performs at least p attempted injection operations on the code segment by utilizing known or possible code injection modes; the value of p is determined by the first node by evaluating the length of the code segment and the capability value of at least one of the verification nodes; at least one verification node calls a filter of the checking module and a judger simultaneously records whether the code segment has a bug after code injection operation is tried; after the verification node finishes p times of injection operations, obtaining a check record, feeding the check record back to the first node, calling the scheduling module by the first node, and determining whether the computing node needs to recode the subtask item again to ensure enough defense capacity for code injection;
after the first node obtains all code segments of the coding stage, traversing the coding stage, adding a section of ciphertext section of the hash value encrypted by the first private key of the first node at a random position, and annotating the ciphertext section with an annotation symbol; the first node performs byte number grouping on a complete code of the coding stage added with the ciphertext fragment and performs hash operation encryption on the grouped complete code through the first private key of the first node to obtain a hash value field with a fixed length representing the coding stage;
the first node encrypts the k encoding stages to obtain k hash value fields; after the first node integrates the codes of the k encoding stages, a forced verification program is added at the beginning of the codes, and the k hash value fields of the k encoding stages are required to be forcibly verified each time the code section is read; the first node packages the forced verification program, the complete code and the k hash value fields and uploads the packaged product to the code main chain;
based on the following implementation mode, each verification node in the distributed system can perform repeated code injection verification on the code segment which has completed coding according to experiences obtained in the previous running and coding processes, wherein the verification comprises various means which can realize code injection, such as reading loopholes of illegal symbols, effective identification of injection logic, long code identification, illegal identity verification and the like; for example, as shown in fig. 3, the client uses the suspicious input "admin 'or' 1 '=' 1 during the login process; the checking module judges that the input character field of the checking module is greatly different from the commonly used e-mail address according to the suspicious rule; secondly, a plurality of "'" symbols appear in the input, which is not common in general login; thirdly, once the statement runs, the database queries data under all administrator accounts, such as passwords and the like, and the data can be identified as common illegal operations by the checking module;
further, the verification node group collects a code injection means operation verification library after each verification node attempts, and the check module attempts to analyze and expand more occurrence possibilities of various code injection means so as to provide more specific identification characteristics for the verification nodes to serve as correction of verification behaviors and improve verification efficiency;
furthermore, the annotated sentences in the codes cannot be read by machine execution, and cannot be assembled by a machine after being identified by the machine, so that the annotated sentences cannot be identified in the code during the process of inversely encoding the codes; therefore, the encrypted text segment after the encryption of the original code is different from the encrypted text segment after the hash encryption of the code obtained by the inverse coding; in the process, even if the first private key of the first node is accidentally leaked, the result that the code after the reverse coding cannot pass the forced verification is not influenced;
furthermore, all the generated codes are encrypted in a segmented manner, and even if one code segment is completely decoded, the decoding cost and the profit are far different because the decoding process of all the code segments needs to consume great operation cost, so that the illegal decoding behavior is effectively prevented.
Example two:
this embodiment should be understood to include at least all of the features of any of the foregoing embodiments and further modifications thereon;
in the process of normally executing the code, the method has certain stability on other computer operation characteristics such as memory occupation, processor computational power occupation, network bandwidth flow occupation and the like of the system; particularly, various function libraries, statement handles, output fields and the like which are called into the memory have relatively fixed length and time sequence; when the code is loaded, the operating system allocates a virtual memory, maps code segments, data segments and the like in the executable file into the memory, loads a dynamic library, and then starts to execute from an entry point; all code injection can read/write data in the memory, so that additional execution of the injected codes is realized;
however, once the code is modified, the execution logic therein is susceptible to being perturbed and thus changed; therefore, in the embodiment, the check module marks and warns various suspicious code execution processes on the characteristic quantity in the operation process of the verification node in the code verification execution process;
when a plurality of verification nodes carry out injection verification test on codes, recording a code running mark event, wherein the recording comprises the following steps:
1. whether the dynamic library file not involved in the source code is called or not is judged according to the calling condition of the dynamic library, and an additional operation program is carried out;
2. running the same code segment for a total execution time exception;
3. attempting to delete a record of a marker event or a line in a record;
4. abnormal peak usage of network traffic;
5. calling an abnormal application of the database;
although the above features cannot directly consider that the code has the possibility of being injected by an exception, the checking module may still concern about the occurrence of these exception features, and may develop into a specific code injection vulnerability, and propose a modification suggestion to the first node, and the first node determines, according to the actual requirements of the encoding task, whether to require the computing node to re-encode the sub-task item with the exception, even the encoding stage.
Example three:
this embodiment should be understood to include at least all of the features of any of the embodiments described above and further refinements thereto:
in the existing decompilation technology, most of the program code entry features need to be determined first, so as to find the starting point of the execution logic of the source code, and then the logic sequence of the source code can be determined after decompilation
The common procedure is:
in the Delphy program, 1. the entry program is a normal push; 2. call a call of type E8 bytes; the contents of the E8 byte Call invoke a GetModuleHandleA () function; finally, entering a dynamic library calling condition obtained by a GetModuleHandleA () function, finding a jump byte position, and just finding a code entry;
in the Borland C + + program, an entry comprises a jmp statement, a field character fb is arranged in the middle of the jmp statement, C + + HOOK is arranged in the middle of the jmp statement, and the first call is a GetModuleHandleA () function;
in the Visual C + + program, the Call instruction points to the byte bit with the address FF15, and the first Call function of the VC entry point feature is GetVersion ();
it can be seen that common programs have more obvious entry features in wide coding use, which reduces the difficulty for the execution of decompilation;
therefore, in this embodiment, after the consensus among the plurality of computing node groups, t pseudo entry points are set for the same encoding stage, and t computing nodes of j computing nodes are responsible for completing the encoding of the t pseudo entry points; the code of the pseudo-entry requires a high degree of similarity;
furthermore, t computing nodes which are responsible for establishing a pseudo entry point make consensus, and correct entry information is recorded into the next encoding stage when the codes of the encoding stages are operated; the correct entry information has sufficient concealment and performability due to the analysis of the t computing nodes, so that the problem that extra computer resources are consumed for repeated verification and confirmation during normal code execution can be avoided;
when illegal inverse coding is encountered, if a correct entry of one coding stage needs to be obtained, complete inverse coding needs to be carried out on the next coding stage, and a progressive inverse coding loop is formed, so that the difficulty of inverse coding is greatly improved; also the cost of decompilation will be significantly increased.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications may be made without departing from the scope of the invention. That is, the methods, systems, and devices discussed above are examples. Various configurations may omit, substitute, or add various procedures or components as appropriate. For example, in alternative configurations, the methods may be performed in an order different than that described, and/or various components may be added, omitted, and/or combined. Moreover, features described with respect to certain configurations may be combined in various other configurations, as different aspects and elements of the configurations may be combined in a similar manner. Further, elements therein may be updated as technology evolves, i.e., many elements are examples and do not limit the scope of the disclosure or claims.
Specific details are given in the description to provide a thorough understanding of the exemplary configurations including implementations. However, configurations may be practiced without these specific details, for example, well-known circuits, processes, algorithms, structures, and techniques have been shown without unnecessary detail in order to avoid obscuring the configurations. This description provides example configurations only, and does not limit the scope, applicability, or configuration of the claims. Rather, the foregoing description of the configurations will provide those skilled in the art with an enabling description for implementing the described techniques. Various changes may be made in the function and arrangement of elements without departing from the spirit or scope of the disclosure.
In conclusion, it is intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that these examples are illustrative only and are not intended to limit the scope of the invention. After reading the description of the invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (10)

1. A distributed coding system for preventing code injection or source code decompilation, the coding system comprising a scheduling module, an inspection module, and a processing module; the scheduling module runs on at least one node of the distributed coding system; the scheduling module generates a task number for a coding task to be performed and reserves a corresponding distributed coding cloud storage space, and splits the coding task into k coding stages according to a splitting rule, and further splits each coding stage into j subtask items; according to the current deployment condition of the distributed coding system, the scheduling module allocates the subtask item to a designated node in the distributed coding system for sub-coding processing; the inspection module monitors and verifies the encoded subtask items and feeds back verification results; the processing module is positioned on all operation nodes of the distributed coding system and is used for performing coding operation on the subtask item, encrypting a coding result, and performing operations of digital signature and packaging and uploading the operation result;
wherein, a alliance chain organization is built in the distributed coding system, and a code main chain is maintained on the alliance chain; when receiving an encoding task, all n nodes on the distributed encoding system select a first node through a consensus mechanism; the first node is used as a first response node for responding to the coding request and dispatching the coding task operation; the first node requires other nodes in the distributed coding system to play the roles of coding nodes or verification nodes by calling the scheduling module, and forms corresponding dispatching node records to provide verification possibility of legality and traceability; after the coding task is completed, the coding node requests at least one of the verification nodes to perform verification test on the code after the coding is completed so as to find out the code vulnerability possibly existing in the code vulnerability.
2. The distributed coding system for preventing code injection or source code decompilation as claimed in claim 1, wherein each node in the federation chain possesses a pair of public key Pkey and private key Skey belonging to the node; the public key Pkey and the private key Skey are generated in an asymmetric encryption mode; broadcasting the public key Pkey of the node to the alliance chain, and recording the public key Pkey by all nodes on the alliance chain; the private key Skey is stored and kept secret by the node and is used for encryption operation when the encoding operation of the subtask item is carried out; the information encrypted by the public key Pkey can only be decrypted by the private key Skey; the information encrypted by the private key Skey can only be decrypted by the public key Pkey.
3. The distributed coding system for preventing code injection or source code decompilation as claimed in claim 2, wherein after the first node is elected, a federation chain encrypts the login credentials of the scheduling module using the first public key of the first node; and the first node decrypts the login permit by using a first private key, acquires the scheduling authority of the scheduling module and executes task scheduling operation.
4. The distributed coding system for preventing code injection or source code decompiling as claimed in claim 3, wherein the first node sends one of the subtask items to (n-1) nodes except the first node for pre-coding by calling the scheduling module, and calculates the capability value of each node by measuring the computing capability and the load ratio of the (n-1) nodes; the scheduling module counts the capability values of all nodes and selects j nodes in (n-1) nodes as computing nodes; j computing nodes form a computing node group; the first node assigns j subtask items in one encoding stage to the computing node group and writes a computing node assignment record in the form of < task number-encoding stage-subtask item-computing node number >; and the first node executes dispatching operation according to the dispatching record of the computing nodes and distributes j subtask items in an encoding stage to j computing nodes for encoding operation.
5. The distributed coding system for preventing code injection or source decompilation of claim 4, wherein the compute node dispatch record is written by the first node into a block of the code backbone; the computing node group confirms the validity of all nodes through a consensus mechanism in a alliance chain; the alliance chain sends a pass certificate which is encrypted by a public key Pkey of each alliance chain and enables the authority of the processing module to j computing nodes in the computing node group; and each computing node decrypts the pass-certificate of the authority of the processing module through the respective private key Skey, so as to obtain the authority for calling the processing module, and the processing module is utilized for encoding processing.
6. The distributed coding system for preventing code injection or source code decompilation as claimed in claim 5, wherein after the group of computing nodes is specified, the scheduling module specifies the remaining (n-j-1) nodes as verification nodes, and the scheduling module generates a verification node assignment record < task number-coding phase-subtask item-verification node number >.
7. The distributed coding system for preventing code injection or source decompilation of claim 6, wherein the validation node assignment record is written by the first node into a block of the code backbone; the verification node group confirms the validity of all nodes through a consensus mechanism in a alliance chain; the alliance chain sends a pass certificate which is encrypted by the public key Pkey of each authentication node and enables the authority of the check module to (n-j-1) authentication nodes in the authentication node group; and each verification node decrypts the certification of the authority of the inspection module through the respective private key Skey so as to obtain the authority for calling the inspection module, and the inspection module is used for coding supervision.
8. The distributed coding system for preventing code injection or source code decompiling of claim 7, wherein when one of the compute nodes completes one of the subtask items and obtains a corresponding code segment, at least one of the verification nodes is requested to perform a code injection test; at least one verification node performs at least p attempted injection operations on the code segment by utilizing known or possible code injection modes; the value of p is determined by the first node by evaluating the length of the code segment and the capability value of at least one of the verification nodes; at least one verification node calls a filter of the checking module and a judger simultaneously records whether the code segment has a bug after code injection operation is tried; and after the verification node finishes p times of injection operations, obtaining a check record, feeding the check record back to the first node, calling the scheduling module by the first node, and determining whether the computing node needs to recode the subtask item so as to ensure enough defense capacity for code injection.
9. The distributed coding system for preventing code injection or source code decompilation as claimed in claim 8, wherein the first node traverses the coding stages after obtaining all code segments of one of the coding stages, and adds a segment of hash value ciphertext segment encrypted by the private key Skey of the first node at a random position therein, and annotates the ciphertext segment with an annotation symbol; the first node carries out byte number grouping on a complete code of the coding stage added with the cipher text segment, and carries out hash operation encryption on the grouped complete code through the private key Skey of the first node to obtain a hash value field with fixed length representing the coding stage.
10. The distributed encoding system for preventing code injection or source decompilation as claimed in claim 9, wherein the first node obtains k of the hash value fields by encrypting k of the encoding stages; after the first node integrates the codes of the k encoding stages, a forced verification program is added at the beginning of the codes, and the k hash value fields of the k encoding stages are required to be forcibly verified each time the code section is read; and the first node packages the forced verification program, the complete code and the k hash value fields and uploads the packaged fields to the code main chain.
CN202111141640.0A 2021-09-28 2021-09-28 Distributed coding system for preventing code injection or source code decompilation Active CN113591041B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111141640.0A CN113591041B (en) 2021-09-28 2021-09-28 Distributed coding system for preventing code injection or source code decompilation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111141640.0A CN113591041B (en) 2021-09-28 2021-09-28 Distributed coding system for preventing code injection or source code decompilation

Publications (2)

Publication Number Publication Date
CN113591041A CN113591041A (en) 2021-11-02
CN113591041B true CN113591041B (en) 2021-12-31

Family

ID=78242345

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111141640.0A Active CN113591041B (en) 2021-09-28 2021-09-28 Distributed coding system for preventing code injection or source code decompilation

Country Status (1)

Country Link
CN (1) CN113591041B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500053B (en) * 2022-01-27 2023-12-05 安徽华云安科技有限公司 Code injection detection method and device, electronic equipment and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106603198A (en) * 2016-12-02 2017-04-26 深圳大学 Blockchain distributed storage method and system with network coding
CN109343937A (en) * 2018-10-07 2019-02-15 张维加 A kind of distributed computing system of striding equipment deployment
CN111079097A (en) * 2018-10-22 2020-04-28 张维加 Programming development system based on network
CN111552931A (en) * 2020-04-30 2020-08-18 平安科技(深圳)有限公司 Method and system for adding shell of java code
WO2020251124A1 (en) * 2019-06-11 2020-12-17 건국대학교 산학협력단 Machine learning model-based hevc distributed decoding method, device and system using blockchain
CN112948827A (en) * 2021-01-11 2021-06-11 杭州复杂美科技有限公司 Source code compiling verification method, system, equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190303623A1 (en) * 2018-04-02 2019-10-03 Ca, Inc. Promotion smart contracts for software development processes
EP3564873B1 (en) * 2018-04-30 2022-11-30 Hewlett Packard Enterprise Development LP System and method of decentralized machine learning using blockchain
CN108924232A (en) * 2018-07-11 2018-11-30 佛山伊苏巨森科技有限公司 A kind of distributed block chain network system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106603198A (en) * 2016-12-02 2017-04-26 深圳大学 Blockchain distributed storage method and system with network coding
CN109343937A (en) * 2018-10-07 2019-02-15 张维加 A kind of distributed computing system of striding equipment deployment
CN111079097A (en) * 2018-10-22 2020-04-28 张维加 Programming development system based on network
WO2020251124A1 (en) * 2019-06-11 2020-12-17 건국대학교 산학협력단 Machine learning model-based hevc distributed decoding method, device and system using blockchain
CN111552931A (en) * 2020-04-30 2020-08-18 平安科技(深圳)有限公司 Method and system for adding shell of java code
CN112948827A (en) * 2021-01-11 2021-06-11 杭州复杂美科技有限公司 Source code compiling verification method, system, equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于深度学习的智能合约漏洞检测技术研究;姜冲;《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑 》;20210215;第I138-582页 *

Also Published As

Publication number Publication date
CN113591041A (en) 2021-11-02

Similar Documents

Publication Publication Date Title
US10395012B2 (en) Media client device authentication using hardware root of trust
US9836612B2 (en) Protecting data
CN108076057A (en) A kind of data security system and method based on block chain
JP2023506634A (en) partially ordered blockchain
KR20140099126A (en) Method of securing software using a hash function, Computer readable storage medium of recording the method and a software processing apparatus
KR20050084888A (en) Automatically generated cryptographic functions for renewable tamper-resistant security systems
JP2023520632A (en) Noise transactions for data protection
Demsky Cross-application data provenance and policy enforcement
CN115580413B (en) Zero-trust multi-party data fusion calculation method and device
Alluhaybi et al. A survey: agent-based software technology under the eyes of cyber security, security controls, attacks and challenges
CN114041134A (en) System and method for block chain based secure storage
CN113591041B (en) Distributed coding system for preventing code injection or source code decompilation
Anglano et al. Securing coding-based cloud storage against pollution attacks
Wu et al. Exploring dynamic task loading in SGX-based distributed computing
CN114844688A (en) Data transmission method, device, equipment and computer storage medium
Wale Amol et al. Data integrity auditing of cloud storage
CN114448648A (en) Sensitive credential management method and system based on RPA
CN109302442B (en) Data storage proving method and related equipment
JP2023542527A (en) Software access through heterogeneous encryption
US11882228B1 (en) Systems and methods for generating shell-wrapped self-executing programs for conducting cryptographically secure actions
Tedeschi et al. Information security and threats in mobile appliances
Liu et al. Video data integrity verification method based on full homomorphic encryption in cloud system
Kara et al. File system for aircraft maintenance records based on blockchain and IPFS
Shin et al. An Investigation of PSA Certified
Arora et al. A Variant of Secret Sharing Protected with Poly-1305

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant