A compiler-based infrastructure for software-protection

Liem, Clifford; Gu, Yuan; Johnson, Harold J.

doi:10.1145/1375696.1375702

Cited by 16 publications

(9 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Typically, junk instructions [16], equivalent instructions, packers [17,18], code encryption, above technology usually are used to resist disassembly and some static analysis. There are also other code protection techniques like code obfuscation [19], Control flow and data flow obfuscation [20][21][22],etc. these protection methods can only provide limited obscurity, So in practical applications, these approaches are seldom caught alone, and they usually combine with each other to protect an instance.…”

Section: Related Workmentioning

confidence: 99%

Exploit dynamic data flows to protect software against semantic attacks

Kuang

Tang

Gong

et al. 2017

2017 IEEE SmartWorld, Ubiquitous Intelligence &Amp; Computing, Advanced &Amp; Trusted Computed, Scalable Computing &Amp; Commun

View full text Add to dashboard Cite

Unauthorized code modification based on reverse engineering is a serious threat for software industry. Virtual machine based code obfuscation is emerging as a powerful technique for software protection. However, the current code obfuscation techniques are vulnerable under semantic attacks which use dynamic profiling to transform an obfuscated program to construct a simpler program that is functionally equivalent to the obfuscated program but easier to analyze. This paper presents DSA-VMP, a novel VM-based code obfuscation technique, to address the issue of semantic attacks. Our design goal is to exploit dynamic data flows to increase the diversity of the program behaviour. Doing so can reduce the effectiveness of dynamic profiling. Our approach using multiple bytecode handlers to interpret a single bytecode and hiding the logics that determine the program execution path (it is difficult for the attacker anticipate the program execution flow). These two techniques greatly increase the diversity of the program execution where the protected code regions exhibit a complex data flow across multiple runs, making it harder and more time consuming to trace the program execution through profiling. Our approach is evaluated using a set of real-world applications. Experimental results show that DSA-VMP can well protect software against semantic attacks at the cost of little extra runtime overhead when compared to two commercial VM-based code obfuscation tools.

show abstract

Section: Related Workmentioning

confidence: 99%

Exploit dynamic data flows to protect software against semantic attacks

Kuang

Tang

Gong

et al. 2017

2017 IEEE SmartWorld, Ubiquitous Intelligence &Amp; Computing, Advanced &Amp; Trusted Computed, Scalable Computing &Amp; Commun

View full text Add to dashboard Cite

show abstract

“…Traditionally, techniques like junk instructions [20], packers [21], [22], are used to protect software against attacks based on disassembly and static analysis. There are also other code protection techniques like code obfuscation [23], control flow and data flow obfuscation [24], [25], [26], all aim to obfuscate the semantic and logical information of the target program. In practice, these approaches are often used in combination to provide stronger protection.…”

Section: Related Workmentioning

confidence: 99%

Exploiting Dynamic Scheduling for VM-Based Code Obfuscation

Kuang

Tang

Gong

et al. 2016

2016 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

Code virtualization built upon virtual machine (VM) technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed scheduling structure where the program follows a single, static execution path for the same input. Such approaches, however, are vulnerable to certain scenarios where the attacker can reuse knowledge extracted from previously seen software to crack applications using similar protection schemes. This paper presents DSVMP, a novel VM-based code obfuscation approach for software protection. DSVMP brings together two techniques to provide stronger code protection than prior VM-based schemes. Firstly, it uses a dynamic instruction scheduler to randomly direct the program to execute different paths without violating the correctness across different runs. By randomly choosing the program execution paths, the application exposes diverse behavior, making it much more difficult for an attacker to reuse the knowledge collected from previous runs or similar applications to perform attacks. Secondly, it employs multiple VMs to further obfuscate the relationship between VM bytecode and their interpreters, making code analysis even harder. We have implemented DSVMP in a prototype system and evaluated it using a set of widely used applications. Experimental results show that DSVMP provides stronger protection with comparable runtime overhead and code size when compared to two commercial VMbased code obfuscation tools.

show abstract

“…First, they can rewrite program source code. For example, the Tigress diversifying compiler [17] and the Cloakware diversification system [18] are obfuscators that apply source-to-source transformations on C code. At a lower level of abstraction are obfuscators that transform the compiler representation of code, such as obfuscator-llvm [19].…”

Section: Related Workmentioning

confidence: 99%

Obfuscating Windows DLLs

Abrath¹,

Coppens²,

Volckaert³

et al. 2015

2015 IEEE/ACM 1st International Workshop on Software Protection

View full text Add to dashboard Cite

Abstract-We present two techniques to obfuscate the interfaces between application binaries and Windows system DLLs (dynamic-link libraries). The first technique obfuscates the related symbol information in the binary to prevent static analyses from identifying the invoked library functions. The second technique combines static linking with code obfuscation to avoid the external interface altogether, thus preventing dynamic attacks as well. This is done while still maintaining compatibility with multiple Windows versions, through run-time adaptation of the application. As the first concrete result of this ongoing research, we demonstrate and evaluate the techniques using a proof-ofconcept tool applied to a simple test program.

show abstract

A compiler-based infrastructure for software-protection

Cited by 16 publications

References 11 publications

Exploit dynamic data flows to protect software against semantic attacks

Exploit dynamic data flows to protect software against semantic attacks

Exploiting Dynamic Scheduling for VM-Based Code Obfuscation

Obfuscating Windows DLLs

Contact Info

Product

Resources

About