Title of invention: System and method for executing an encrypted binary from a memory pool
Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time.
Publication number: US8756434(B2)  Publication date: 2014.06.17
Application number: US201113083497  Filing date: 2011.04.08
Applicant: Apple Inc.  Inventors: Zaks Ganna;Betouin Pierre;Farrugia Augustin J.;Lerouge Julien;McLachlan Jon;Myles Gideon M.;Tessier Cédric
Classification number: G06F12/14  Main classification number: G06F12/14
Agency: Novak Druce Connolly Bove + Quigg LLP  Agent: Novak Druce Connolly Bove + Quigg LLP
Independent claim: 1. A method comprising: receiving a request to execute a computer program, the computer program including a set of encrypted slices and an unpacking mechanism, wherein each encrypted slice in the set of encrypted slices is sized based on an analysis of the computer program, the size based at least in part on at least one of a target architecture, performance, code structure, complexity level, or code sensitivity; determining that a first encrypted slice from the set of encrypted slices is needed for execution; decrypting by the unpacking mechanism the first encrypted slice to yield a first decrypted slice; storing the first decrypted slice at a first location in a pool of memory; patching relative references based on the first location of the first decrypted slice in the pool of memory; executing, via a processor of a computing device, the first decrypted slice from the first location in the pool of memory; and evicting the first decrypted slice from the first location in the memory pool.
Address: Cupertino CA US